Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security procedures, published by VITA and which may be found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/it-governance/itrm-policies-standards/, or any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized User. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify VITA and any affected Authorized User within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by VITA or an Authorized User. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs.
Appears in 5 contracts
Samples: Information Technology, Hardware and Maintenance Contract, Hardware and Maintenance Contract
Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security policies, standards, and guidelines published by VITA and which may be found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/it-governance/itrm-policies-standards/, or any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized User. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify VITA and any affected Authorized User within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by VITA or an Authorized User. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs.
Supplier shall indemnify, defend, and hold the Commonwealth, VITA, their officers, directors, employees and agents harmless from and against any and all Claims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, VITA, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this section. VITA reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, VITA will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by VITA, Supplier shall implement any reasonably required safeguards as identified by any program audit.
Appears in 1 contract
Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security procedures, published by VITA and which may be found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/it-governance/itrm-policies-standards/, or any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized User. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify VITA and any affected Authorized User within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by VITA or an Authorized User. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs.
Appears in 1 contract
Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security policies, standards, and guidelines published by DBHDS and which may be found at: xxxxx://xxx.XXXXX.xxxxxxxx.xxx/it-governance/itrm-policies-standards/, or any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized User. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify DBHDS and any affected Authorized User within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by DBHDS or an Authorized User. To the extent permitted by law, Supplier shall provide DBHDS and any affected Authorized User the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs.
Supplier shall indemnify, defend, and hold the Commonwealth, DBHDS, their officers, directors, employees and agents harmless from and against any and all Claims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from the Commonwealth, DBHDS, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant this section. DBHDS reserves the right to review Supplier's information security program prior to the commencement of Licensed Services and at least once annually during the Term of this Contract. During the performance of the Licensed Services, and on an annual basis, DBHDS will be entitled, at its own expense, to perform, or to have performed, an on-site audit of Supplier's information security program. In lieu of an on-site audit, upon request by DBHDS, Supplier shall implement any reasonably required safeguards as identified by any program audit.
Appears in 1 contract
Samples: Information Technology Contract
Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security procedures, published by VITA and which may be found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/it-governance/itrm-policies-standards/, or any successor URL(s), as are pertinent to Supplier's performance under this Contract. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized User. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify VITA and any affected Authorized User within 24 hours of discovery of, or when Supplier should have discovered, of any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by VITA or an Authorized User. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs or similar organization.
Appears in 1 contract
Samples: Hardware and Maintenance Contract
Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security procedures, published by VITA and which may be found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/it-governance/itrm-policies-standards/, or any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized User. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify VITA and any affected Authorized User within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by VITA or an Authorized User. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs.
Appears in 1 contract
Samples: Contractual Terms and Conditions
Security Compliance. Supplier shall comply with all provisions of the then-current Commonwealth security procedures, published by VITA and which may be found at: xxxxx://xxx.xxxx.xxxxxxxx.xxx/it-governance/itrm- policies-standards/, or any successor URL(s), as are pertinent to Supplier's operation. Further, Supplier shall comply with all applicable provisions of the relevant Authorized User's DMAS’s then-current security procedures as are pertinent to Supplier's operation and that have been provided to Supplier by the Authorized UserDMAS. Supplier shall also comply with all applicable federal, state, and local laws and regulations. Any unauthorized release of any Confidential Information, or Commonwealth proprietary or personal information, by the Supplier or Supplier Personnel constitutes a breach of Supplier’s obligations under the Contract. Supplier shall notify VITA and any affected Authorized User DMAS within 24 hours of discovery of, or when Supplier should have discovered, any breach of “unencrypted” and “unredacted” personal information, as those terms are defined in Code § 18.2-186.6, and other confidential or personal identifying information provided to the Supplier by VITA or an Authorized UserDMAS. To the extent permitted by law, Supplier shall provide VITA and any affected Authorized User DMAS the opportunity to participate in the investigation of the breach and to exercise control over reporting the unauthorized disclosure. Supplier shall ensure performance of an audit of Supplier’s environment at least annually to provide assurance of “Controls Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” in accordance with the then-current standards set forth by the American Institute of CPAs. 
Supplier shall indemnify, defend, and hold DMAS, the Commonwealth, their officers, directors, employees and agents harmless from and against any and all Claims, including reasonable expenses suffered by, accrued against, or charged to or recoverable from DMAS, the Commonwealth, their officers, directors, agents or employees, on account of the failure of Supplier to perform its obligations pursuant to this section.
Appears in 1 contract
Samples: Contract